Article

iOS 7: Activation Lock + Find My iPhone

Soon after Apple debuted the completely redesigned iOS 7 on June 10, 2013, it became obvious that the iOS user experience has changed enough to merit a public re-introduction—a forward-looking discussion of the updated user interface and integrated apps. Over the next week, our series on iOS 7 will look at every key section of Apple’s new operating system, starting with setting up iOS devices, the new Lock Screen and Home Screen, then continuing through other major UI elements and built-in apps. For a broad look at all of iOS 7’s changes from iOS 6, check out our big picture look at iOS 7, published on June 10, as well as our articles on iOS 7 setup, the Home Screen, and Lock Screen. Note that some features and graphics may change before iOS 7’s final release.

About Activation Lock

While Apple was generally ahead of the curve with Find My iPhone, an app designed to reunite users with lost or stolen devices, the feature suffered from one very important weakness: anybody who finds your device can easily erase it, thereby removing almost all of the tracking and location features before turning it into a “good as new” product.

Apple hopes to address this problem with “Activation Lock”—a new feature in iOS 7 that effectively ties your iPhone, iPad, or iPod touch to your iCloud Apple ID even after it’s been completely wiped and erased. The idea here is to deter theft of iPhones and other iOS devices by rendering them all but useless to would-be thieves.

Activation Lock is based in technology that has been used by Apple since the debut of the original iPhone in 2007. Every iPhone has had to “phone home” to Apple’s servers for authorization before it can actually be used. In the early days, this was a form of secondary carrier-lock, ensuring that devices were properly signed up for service with AT&T before they could be used. For whatever reason, Apple chose to extend activation to non-carrier iOS devices such as the iPod touch. In essence, until you plugged into iTunes and “activated” your device, it was essentially a brick.

While the appropriateness of such a feature has been debated for years, it has opened the doors to a new security model. Since a device cannot be “activated” without talking to Apple’s servers, it’s now fairly easy for Apple to refuse to activate a device that’s still registered under somebody else’s Apple ID. Apple is now preventing third-party developers from using Unique Device Identifiers (UDIDs), but it still has access to a virtual serial number that identifies a given device, and can associate it with a specific Apple ID.

Enabling Activation Lock

You won’t find a setting in iOS 7 to specifically enable Activation Lock, however. This is because Apple has transparently integrated this into the “Find My iPhone” app and related feature that has been part of iCloud and MobileMe for several years. The assumption seems to be that if you’re interested in tracking your iPhone, iPad, or iPod touch, you’re likely also interested in using Activation Lock.

In iOS 7, once Find My iPhone has been enabled, it can no longer be turned off without supplying the user’s iCloud password. This prevents the Find My iPhone feature from being too easily disabled, but now more importantly prevents the Activation Lock from being easily bypassed.

Location Services can still be disabled without requiring a password, but Find My iPhone will now automatically re-enable Location Services temporarily whenever the device’s location is requested.

An iOS 7 device that has Activation Lock enabled via the Find My iPhone feature cannot be restored through iTunes without specifically disabling Find My iPhone, which of course requires the iCloud password to be entered.

iOS 7 still provides an option for directly wiping an iOS device under Settings, General, Reset, however if Find My iPhone is enabled, the user will be required to enter the iCloud password before the device can be wiped. Doing this disables the Activation Lock as the user is obviously wiping the device deliberately.

Setting up an Activation Locked Device

Both iTunes and iOS prevent a device from being wiped normally while it has the Activation Lock feature enabled, which itself acts as a deterrent for the casual user. There are still ways to forcibly erase and restore an iOS device, however, and as a result the Activation Lock provides an additional line of security, preventing the device from being activated by Apple’s servers until the original owner’s iCloud Apple ID and password are provided.

The current shipping version of iTunes 11 seems to already know how to deal with this, and will advise the user that the connected device is locked and require that he or she enter the Apple ID that was used to set the device up originally.

This same procedure applies to using the iOS setup assistant, which will stop the user at the normal activation screen, prompting for the same information.

In fact, even iOS 6.1.3 has some awareness of the Activation Lock. Downgrading an Activation Locked iOS 7 device will still prevent it from being activated under the older iOS version.

In both scenarios, a hint is provided for the Apple ID to help the user remember which iCloud account may have been used for the device, but until those credentials are entered, the device is effectively locked and rendered useless.

Find My iPhone and Remote Erase

iOS 7 also adds a new feature to the Find My iPhone app that allows users to not only take advantage of Activation Lock but also allows you to display a phone number and custom message that will appear on the target device after it’s already been erased. This message will also appear as a dialog box if the device is connected to a computer running iTunes.

While remotely wiping a device will still cause you to lose the ability to actually track the device, at least you can now guarantee that your personal information is securely erased while still leaving some contact information to hopefully allow an honest finder to return your device back to you.

The process itself works in much the same way as engaging the “Lost Mode” introduced in iOS 6, prompting you to enter a phone number and a message before erasing the iPhone. Once this has been done, the erase request is sent out and the Find My iPhone app provides a note confirming that the device has been erased and how long ago the erasure occurred.

Even with the message displayed, a user can still initiate the iOS setup assistant in the usual way, however he or she will be stopped at the activation screen and prompted to enter the iCloud Apple ID and password to continue. In this case, the note clearly indicates that the iPhone in question was “lost and erased” and provides no hint of the original Apple ID that needs to be entered to activate the iPhone. This also works in much the same way if the device is connected to iTunes.

So, How Secure Is This, Really?

The process of jailbreaking an iOS device bypasses Apple’s activation process entirely. In fact, this was the reason for the very first iPhone hack about a week after the original iPhone was released, allowing users to use the iPhone without signing up with AT&T.

Although Apple fights jailbreaking with each new iOS and hardware release, by the late Steve Jobs’ own admission, it is in a cat and mouse game in that regard. It is therefore very likely that jailbreak hacks will continue to be available that can bypass the Activation Lock, allowing an iOS device to be used to some degree.

How effective this is, however, largely depends on how restrictive Apple chooses to be with its Activation Lock feature. So much of what a modern iOS device does requires communication with Apple’s servers in an unprecedented way. iCloud, the App Store, iTunes, iMessage, FaceTime, Game Center, and even Siri all need to “phone home” to Apple’s servers, and it would not be inconceivable for Apple to block all of these services from working on an Activation Locked iPhone—even one that had been jailbroken. Without access to these services, a market for stolen iPhones isn’t likely to exist outside of the hacker community. Given the white hat claims made by some hackers, the implications of this for the rest of the community are fascinating.

Further, the device identifiers that are likely being used by Apple for this purpose would be based entirely in hardware and therefore very difficult to alter.

At the end of the day, however, no system is foolproof, and much like jailbreaking in general, the hacking underground may find ways around much of this. Any security model is about deterrence, rather than outright prevention, and the new Activation Lock feature should go a long way in deterring casual theft of iOS devices by rendering the stolen devices useless to the average user.

More Information

For more information on iOS 7, check out big picture iOS 7 guide, and other articles in this series. Note that Find My iPhone will likely change considerably in appearance before the final release of iOS 7.

Comments

1

The time when a jailbreak can use a security hole to hack an locked iDevice is short, because apple mostly releases promt a software fix.

My worry is a complete release without hacking the iPhone.
In the last time you can do this if you get into the DFU/Restore Mode, connect your device with iTunes and install a clean ipsw File.

Please Jesse, can you verify this option?

P.S. Sorry for my bad english, greetings from germany.

Posted by René on June 13, 2013 at 9:30 AM (CDT)

2

Sorry typing error:

“My worry is a complete ERASE without hacking the iPhone.”

Posted by René on June 13, 2013 at 9:33 AM (CDT)

3

René: Sadly, that’s entirely possible, and truly is a difficult thing to prevent. DFU mode still exists, and is pretty necessary as it’s basically a hardware override to allow an iOS device to be restored and returned to normal operation when it may otherwise be impossible to do so.

Of course, even a full DFU restore will now prevent the device from being activated and used without supplying the original owner’s Apple ID and password. A DFU that applies an unofficial firmware, such as a jailbroken version, would render the device somewhat usable, since of course that would bypass any activation requirements, but the device would likely still be unable to communicate with Apple’s servers for things like the App Store and even Siri, rendering if pretty useless for the average end user.

Apple has already somewhat addressed the data loss aspect of this with the existing backup features, however. You can get a backup to iTunes whenever you plug into a computer or to iCloud as long as you’re on Wi-Fi and plugged in at least once every 24 hours. So even if a device is maliciously erased, most users should have a fairly recent backup. The only real risk there is for users who travel away from any Wi-Fi coverage for long periods of time.

Posted by Jesse Hollington in Toronto on June 13, 2013 at 3:28 PM (CDT)

4

Jesse, thanks for your answer!
I feared that a DFU restore is still possible.

My last question: I found an iPhone with activated iOS 7 feature “Activation Lock”. I put this device in DFU Mode, connect to my iTunes and install an official ipsw File from the Apple Server (not “hacktivated”). In the past, at the last setup step the device would be registrated and activted automatically if a SIM Card is inserted.
Is this at iOS 7 still the case?

Posted by René on June 14, 2013 at 2:37 AM (CDT)

5

I have forgot my apple id and password that was of someone else now i cant activate my iphone help me please how to activate my phone now

Posted by Sheeraz on June 17, 2013 at 8:18 AM (CDT)

6

I found an bug of iOS 7 beta:

I did test how to work with Activation Lock via iCloud. I turned off location service including Find my Iphone & Activation Lock, it wasn’t required login. I was shocked this bug is found. EPIC FAILED. I tweeted with Hashtag of Apple Developers. They should add further features for next beta. My suggestion: Turnoff location/AirMode must add exemption of enabled FindmyPhone and Activation Lock. IF turning off FindmyiPhone requires login for any legal reasons to protect you from spies such as CIA or NSA.

We strongly demand that security feature should tougher to defer thefts.

you can follow my nickname on Twitter

Posted by greenbychris on June 26, 2013 at 3:52 AM (CDT)

7

Hi everybody.I have a problem from a mounth ago…..I have iphone 5 witch is with subscription to Cosmote ROMANIA…and ipad mini buyed from Flanco store from ROMANIA is well.Now…the both are linked to the same ID Apple and need password for activation but i don’t remember that and if i go to “i forgot bla…bla…” for unlock they ask me date of birth.O.K….but seems is not correct when i put it….or….when i made the adress for icloud…they not accepr the same birthday data like in Apple ID so i change it but i don.t remember witch it was….so now i can’t change the old password with a new and that block me to activate the same device’s.Please help me someway…..Kind regards from Brasov-Romania.

Posted by Mircea Iosif on July 31, 2013 at 7:16 AM (CDT)

8

Reported lost phones stuck on activation screen selling for
200$+
I still see a market for stolen goods, not only each iPhone released from now on is going to be worth the same or more than the iPhone 5, stuck in start screen phones can still be sold for a good heap of cash, furthermore most people aren’t going to notice the activate lock when they are stealing a phone, and most thieves don’t do their homework first to know this, and will steal it regardless of knowing its activation locked or not.

Posted by Kevin on August 26, 2013 at 10:36 PM (CDT)

9

Hi, I have just bought an iPhone 5 off eBay. It was discribed as unlocked but when I’ve got it, it says its locked to a carrier and must be unlocked. I have contacted the seller many time and they swear its an unlocked phone, could this activation lock be the problem??

Posted by Connor on September 17, 2013 at 2:16 PM (CDT)

10

Hi!

And “one more thing” , - What is case if you lost your Activation Code, or you forget it? There is nothing on the net about this very fustrating issue happened with me.
Even apple can’t resolve this till this time. I am stuck here with my phone, and no backward and no forward.

Posted by Zsolt Szekely on September 19, 2013 at 9:56 AM (CDT)

11

I just updated my iPhone 4s to iOS 7 and I missed the step about Find My iPhone and the other one is about iCloud because it requires a wi-fi connection, but unfortunately I don’t have wi-fi. And one more thing it also says that it may charged me about the iMessage. How do I fix it? Please badly need your help!

Posted by elise egart on September 19, 2013 at 1:33 PM (CDT)

12

Hello, please I bought a second hand iphone 5 has had ios 6 after updating to ios 7 were working normally,then after connecting to the iTunes restore, and when I turn on the default setting you have to choose the country etc, then after a few steps I zobrayi activate an iPhone and want it on my apple id and password but it says to me that this device is now connected with apple id (t ***** @ v**** . cz) Login using your Apple ID that was used to set this iPhone .... I want to ask you if you would not consult me what the team needs him put into operation thanks to (former owner not known)

Posted by Tanja on September 22, 2013 at 11:44 AM (CDT)

13

If you don’t remember your activation info you are out of luck unless you can prove to apple with a valid receipt and ID. These things are not that hard to remember so I’m doubting some of the validity of some of these “I forgot” claims.

Posted by Faslane on September 22, 2013 at 4:44 PM (CDT)

14

I just upgraded to the IPhone7 on my Iphone5. I turn on the phone many times a day just to check scores, weather, news, etc. I don’t like having to enter the 4 digit password all of the time. It does not seem to matter if “Find a phone” is turned on or off, I still need to enter the password. Can I do something to avoid this extra step? Thank you.
Tom

Posted by toms on September 24, 2013 at 10:37 PM (CDT)

15

Daughter has iPod Touch just upgraded to IOS7. Has forgotten 4 digit passcode.
Was following blog instructions to “Restore” from iTunes but message says need to turn off Find My iPhone to do a Restore.
Can’t do this because can’t get into the iPos to turn off Find My iPhone.
What do we try next ???

Posted by Nick on September 25, 2013 at 8:52 AM (CDT)

16

hi there, same problem as nick above! so frustrating!

Posted by Leanne on September 28, 2013 at 8:44 AM (CDT)

17

“I forgot my AppleID and Password” means you probably have a lost or stolen device in your hands. Even if you pid money for it.

Please refrain from such cries for help at this page: this is exactly the purpose of this feature, to put an end to blackmarket illegal transactions.

C’mon people get a life and invest on a ‘clean’ device.

Posted by miguel alvarado on September 28, 2013 at 7:41 PM (CDT)

18

I need HELP URGENTLY!! SOS.

my wife changed her lock screen code and she didnt remember the paswrd anymore since she changes it every 3 days. (iphone 5 IOS 7)

we tried to put different passwords and it keeps saying its wrong. now the phone is locked. it doesnt even give me to try put the code again. only emergensy calls SOS.

I have the my apple ID user name and code but how and where do i get to use it in order to unlock my iphone again and reset a lock screen code.

please help me ASAP. thx for the understanding,
Ben.

Posted by Ben Levi on October 23, 2013 at 1:04 PM (CDT)

19

Two days ago my phone stolen. I logged into the cloud and set up lost mode. I rcvd’ my first emails of your phone played a sound, your phone has been found, etc, but have not seen any change since. It still shows up in the find my phone cloud under devices, just as “offline”. I am guessing it has been erased and hoping the culprit is having this same problem and all the bells and whistles are going off for them.

Posted by Deanna Brown on November 5, 2013 at 8:57 AM (CST)

20

Done.

Posted by Donald Trevarthen on December 29, 2013 at 12:06 PM (CST)

21

Hello, please I bought a second hand iphone 5 has had ios 7.0.3 after updating to ios 7.0.4 ,then after connecting to the iTunes restore, and when I turn on the default setting you have to choose the country etc, then after a few steps I want to activate an iPhone and want it on my apple id and password but it says to me that this device is now connected with apple id (b ***** @ icloud.com) Login using your Apple ID that was used to set this iPhone .... I want to ask you if you would not consult me what the team needs him put into operation thanks to (former owner not known

Posted by Tareq on December 30, 2013 at 7:05 PM (CST)

22

after having updated my ios to the latest version, I can not activate my iphone, and shows me the following message

23

its so funny how cynics just cant believe that something could happen to a legitimate owner of an apple device that causes them to be locked out. Purchasing a second hand phone does not mean it was ever stolen. That is a blanket assumption that doesnt seem to have any real insight attached. Apple will remove activation lock for you if you send them a receipt showing you are the original owner. Their is a way (youtube activation lock) to find out the original owners email and/or facebook info. Hopefully you can contact them and they can log into their icloud account and delete the device. at this point you should be able to power cycle the phone and start the activation process. Not always the best solution but it is a solution. Tanvir^^^ if you have your original reciept, or can prove that you are the original owner of the device call apple and they can help you. For us second hand owners the solution is to soft hack the activation lock (still cant use phone) and get contact info for the original owner. contact them and hopefully they will remove the device.

Posted by david payton on January 18, 2014 at 4:44 PM (CST)

24

oh yeah youtube iphone backup extractor, and go to iphonebackupextractor.com also, these will help you figure out the id but not the password….contacting the original owner should do the trick unless the device really was stolen… at that point though you have to just eat crow for buying an un verified device or… stop stealing lol

Posted by david payton on January 18, 2014 at 4:52 PM (CST)

25

meguel sir you are a douchebag

Posted by m0neymike420 on January 20, 2014 at 5:47 AM (CST)

26

Hi, I lost my iphone 4 with ios 7 which had the find my iphone feature enabled. However in icloud it states all devices are offline and I don’t have the option to activate lost mode and send message. Why is this? Am I missing a step? Can you help me pls? Thx!